The FBI has launched an investigation hackers hijacked Twitter accounts of a number of high-profile US figures in an apparent Bitcoin scam.
“The accounts appear to have been compromised” to perpetrate cryptocurrency fraud, said the bureau, urging the public to be vigilant. Elon Musk, Bill Gates, and Joe Biden were among those hit in what Twitter said was a “coordinated” attack.
Their official accounts requested donations in the cryptocurrency.
“Everyone is asking me to give back,” said a tweet from the account of Mr. Gates, the Microsoft founder. “You send $1,000, I send you back $2,000.”
The US Senate Commerce Committee has demanded Twitter brief it about Wednesday’s incident by 23 July.
Twitter said the hackers had targeted its employees “with access to internal systems and tools”.
“We know they [the hackers] used this access to take control of many highly-visible (including verified) accounts and Tweet on their behalf,” the company said in a series of tweets.
It added that “significant steps” had been taken to limit access to such internal systems and tools while the company’s investigation continues.
The tech firm has also blocked users from being able to tweet Bitcoin wallet addresses for the time being.
The UK’s National Cyber Security Centre said its officers had “reached out” to the tech firm. “We would urge people to treat requests for money or sensitive information on social media with extreme caution,” it said in a statement.
US politicians also have questions. Republican Senator Josh Hawley has written to the company asking if President Trump’s account had been vulnerable.
President Trump’s account was not compromised, the White House said.
The chair of the Senate Commerce Committee has also been in contact with Twitter.
“It cannot be overstated how troubling this incident is, both in its effects and in the apparent failure of Twitter’s internal controls to prevent it,” Senator Roger Wicker wrote to the firm.
One cyber-security expert said that the breach could have been a lot worse in other circumstances.
Twitter earlier had to take the extraordinary step of stopping many verified accounts marked with blue ticks from tweeting altogether.
Password reset requests were also being denied and some other “account functions” disabled.
By 20:30 EDT (00:30 GMT Thursday) users with verified accounts started to be able to send tweets again, but Twitter said it was still working on a fix.
Dmitri Alperovitch, who co-founded cyber-security company CrowdStrike, told Reuters news agency: “This appears to be the worst hack of a major social media platform yet.”
On the official account of Mr. Musk, the Tesla and SpaceX chief appeared to offer to double any Bitcoin payment sent to the address of his digital wallet “for the next 30 minutes”.
“I’m feeling generous because of Covid-19,” the tweet added, along with a Bitcoin link address.
The tweets were deleted just minutes after they were first posted.
But as the first such tweet from Mr. Musk’s account was removed, another one appeared, then a third.
Others targeted included:
Reality TV star Kim Kardashian West.
Former US President Obama.
Media billionaire Mike Bloomberg.
The ride-sharing app Uber.
The iPhone-maker Apple.
The campaign of Joe Biden, who is the current Democratic presidential candidate, said Twitter had “locked down the account within a few minutes of the breach and removed the related tweet”